Re: promisc mode & accounting

Rik van Riel (sampsa@netsonic.fi)
Thu, 9 Jul 1998 09:44:15 +0300 (EEST)


On Wed, 8 Jul 1998, Harald Koenig wrote:

> On Jul 08, sampsa@netsonic.fi wrote:
>
> > I have a Linux box that serves as traffic accounting server for our
> > network. Before today I was only measuring IP traffic on the network and
> > I did it by kernel IP accounting within 2.0.34 kernel and the NIC set to
> > promisc mode.
>
> sounds interesting, I'm looking for just such an accounting tool for
> an ethernet segment without having to analyze tcpdump output myself.
> which program/tool are you using ?
>
> I'd like to get packet and bit sum/rate between any pair of hosts
> say once every hour (either for all packets or just for one protocol
> or packet type). is this possible? any hints to such a tool ?

I am using Linux kernel 2.0.34 kernel accounting rules, ipfwadm to set
the accounting rules and MRTG with a shell script that extracts the
information from ipfwadm output. With this you can generate IP traffic
case for anything you can match with the accounting rules on kernel (host
to host as a simple example, yes) and get a nice graph of the current
load on a web page updated let's say every 5 minutes.

As I stated with my original message, with 2.1 kernel I tried to use
ipchains instead of ipfwadm, which didn't seem to work.

Oh, also I remember setting the ethernet device to promisc mode so it
listens to all packets. Note that this doesn't work on switched networks,
e.g. networks with a switch; on coax and twisted pair ethernets with a
non-switching hub this should work just fine. (just type ifconfig eth0
promisc, if your NIC supports this)

- Sampsa Ranta
sampsa@netsonic.fi
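
The pipeline described in this message (accounting counters read by a shell script and handed to MRTG), sketched as an added example that is not part of the original post or the poster's own script. The column layout of the listing and the host addresses are assumptions, and the sample listing is constructed; the four output lines follow MRTG's external-program format (in counter, out counter, uptime, target name).

```shell
#!/bin/sh
# Added example: convert an accounting listing into MRTG's 4-line input.
# Assumption: the listing has the columns
#   pkts bytes dir prot source destination ports
# as produced by a numeric, unabbreviated listing (`ipfwadm -A -l -n -x`).
# Counters abbreviated with K/M suffixes are deliberately not matched.

# Constructed sample listing (not real traffic data).
sample_listing() {
cat <<'EOF'
IP accounting rules
 pkts      bytes dir prot source               destination          ports
 1200     840000 i/o all  192.168.1.10         192.168.1.20         n/a
  900     120000 i/o all  192.168.1.20         192.168.1.10         n/a
   15       9000 i/o all  192.168.1.10         192.168.1.30         n/a
EOF
}

# pair_bytes SRC DST
# Read a listing on stdin and print the summed byte counter of every rule
# whose source is SRC and destination is DST (0 if no rule matches).
pair_bytes() {
    awk -v s="$1" -v d="$2" '
        # Skip the title and header lines: only rows with numeric counters.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $5 == s && $6 == d { sum += $2 }
        END { printf "%d\n", sum }'
}

# mrtg_pair A B
# Read a listing on stdin and print the four lines MRTG expects from an
# external program: bytes B->A ("in"), bytes A->B ("out"), uptime, name.
mrtg_pair() {
    listing=$(cat)
    printf '%s\n' "$listing" | pair_bytes "$2" "$1"
    printf '%s\n' "$listing" | pair_bytes "$1" "$2"
    echo "unknown"        # uptime string; MRTG only displays it
    echo "$1 <-> $2"      # target name shown on the graph page
}

# Stand-alone run on the constructed sample; in real use the listing would
# come from the accounting tool instead of sample_listing.
sample_listing | mrtg_pair 192.168.1.10 192.168.1.20
```

The counters are cumulative, which is what MRTG expects: it computes the rate from the difference between two polls.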
